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(54) IMethod for operating a conditional access system for broadcast applications 



(57) In a method for operating a conditional access 
system for broadcast applications, which conditional ac- 
cess system comprising a number of subscribers, each 
subscriber having a terminal including a conditional ac- 
cess module and a secure device for storing entitle- 
ments, each entitlement indicating a service for which 
the subscriber receiving the entitlement is entitled to 
watch, entitlement management messages (EMM's) are 
sent to a secure device or group of secure devices. 
These EMM's each provide an entitlement and a corre- 



sponding expiry date, wherein the entitlements are re- 
freshed periodically in accordance with their expiry 
dates by sending EMM's updating the expiry dates. Fur- 
ther, a set of extension entitlement management mes- 
sages (extension EMM's) is sent to all secure devices, 
each message indicating that all entitlements having an 
expiry date within a predetermined first period are ex- 
tended with a predetermined second period, wherein 
the EMM'S updating the expiry dates are sent after the 
extension EMM's. 
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Description 

[0001 ] The invention relates to a method for operating 
a conditional access system for broadcast applications, 
said conditional access system comprising a number of ^ 
subscribers, each subscriber having a terminal includ- 
ing a conditional access module and a secure device for 
storing entitlements, each entitlement indicating a serv- 
ice for which the subscriber receiving the entitlement is 
entitled to watch, wherein entitlement management 
messages (EMM's) are sent to a secure device or group 
of secure devices, said EMM's each providing an enti- 
tlement and a con-esponding expiry date, wherein the 
entitlements are refreshed periodically in accordance 
with their expiry dates by sending EMM's updating the 
expiry dates. 

[0002] Such a method is known and is for example 
used in a pay television broadcasting system. If the up- 
dating or refreshment EMM's are not received before 
the expiry date, the secure devices will not allow access 
to the service or services for which the secure devices 
were entitled. Subscribers often disconnect their termi- 
nal equipment or tune their terminal to a broadcasting 
signal on which there are no EMM's carried. In such cir- 
cumstances the refreshment EMM will not be received 
in time before the expiry date, in this manner subscrib- 
ers will be forced to wait to be entitled over the air. In 
view of bandwidth constraints and the number of enti- 
tlements and number of subscribers in the conditional 
access system, the wait time can be extensive. Typical- 
ly, if a subscriber needs to wait beyond a period of about 
thirty seconds, he will contact the subscriber manage- 
ment centre to be re-authorised. This results in a large 
number of telephone calls needed to be processed each 
time an entitlement expires unintendedly. Consequently, 
higher operational costs arise. To improve the time 
needed to perform a refreshment of all subscribers, 
techniques such as group addressing have been devel- 
oped. Despite such developments, in case of a large 
base of subscribers, long wait times could still arise. 
These problems due to bandwidth limitations for the 
EMM messages make the operation of this type of con- 
ditional access system with positive authorisation very 
difficult with large numbers of subscribers. 
[0003] The invention aims to provide a method of the 
above-mentioned type wherein these problems of long 
wait times are avoided. 

[0004] According to the invention a method of the 
above-mentioned type is provided, characterized in that 
a set of extension entitlement management messages 
(extension EMM*s) is sent to at least a part of all secure 
devices, each message indicating that all entitlements 
having an expiry date within a predetennined first period 
are extended with a predetermined second period, 
wherein EMM*s updating the expiry dates are sent after 
the extension EMM*s. 

[0005] In this manner it is obtained that during the first 
period all entitlements of at least a part of all secure de- 



vices are extended by sending the extension EMM's 
during the first period to thereby extend the entitlements 
during the second period. After sending these extension 
EMM'S, the normal updating or refreshment EMM's can 
be sent for updating each entitlement at each subscriber 
individually. 

[0006] According to the invention an alternative em- 
bodiment is characterized in that each EMM comprises 
an entitlement expiry date and an entitlement receipt 
date, which dates are stored in the secure device, 
wherein a set of extension entitlement management 
messages (extension EMM's) is sent to all secure de- 
vices, each message indicating a given date from which 
all entitlements of the secure device have not changed, 
wherein if the receipt date for any entitlement is after 
said given date, all entitlements are extended with a pre- 
determined second period, wherein EMM's updating the 
expiry dates are sent after the extension EMM's. 
[0007] The invention will be further explained by ref- 
erence to the drawing showing a broadcast application 
in which an embodiment of the method of the invention 
is implemented. 

[0008] In the broadcasting application shown, three 
broadcasters 1-3 are coupled with a multiplexer unit 4 
comprising means for scrambling, encoding and com- 
pressing broadcast signals provided by the broadcast- 
ers 1-3. The thus obtained digital data streams are mul- 
tiplexed into a digital transport stream, for example in 
accordance with the MPEG-2 standard. In the embodi- 
ment shown this digital transport stream is modulated 
by way of a modulator 5 before transmission. The oper- 
ator of the equipment including the multiplexer unit 4 and 
modulator 5 is responsible for transmitting the signal to 
the receiving equipment of the public, one television set 
6 being shown by way of example. The transmission of 
the signal may be canried out through one or more tele- 
communication channels including a satellite link 7, ter- 
restrial link 8 or a cable system 9. One or more of the 
broadcasters 1-3 may be private broadcasters operat- 
ing according to the concept of pay television, which im- 
plies subscription. This means that people wishing to 
view programs broadcasted by a particular broadcaster, 
have to subscribe to such a broadcast, and pay the ap- 
propriate fee. 

[0009] Access to anyone of the broadcast signals pro- 
vided by the broadcasters 1-3 requires a temninal 10 
which for the subscription requiring services includes a 
conditional access module 11 and a secure device 12, 
generally provided in the form of a smart card which can 
be connected to the conditional access module 11 . The 
remaining part of the terminal 10 is known as such and 
needs not be described in detail. 
[0010] Regarding the conditional access to the serv- 
ices requiring subscription, it is known as such to send 
entitiement management messages or EMM's and en- 
titlement control messages or ECM's to the subscribers, 
i.e. to the smart cards 12. 

[001 1] It is noted that in the present specification the 
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term "service" indicates any type of program for which 
an entitlement is needed, including a channel, a specific 
event or any other item of interest. 
[0012] In such a conditional access system, generally 
a positive authorisation mechanism is used for entitle- 
ment control. An EMM Is sent to a smart card or a group 
of smart cards using either individual or group address- 
ing, the EMM indicating that a card is entitled to watch 
a service. Each subscriber can have a number of enti- 
tlements for different services. The entitlement structure 
generally comprises an identification or entitlement 
number and an entitlement expiry date. This information 
is stored in the smart card 12. In this manner certain 
forms of piracy are avoided. However, it is necessary to 
send refreshment EMM*s updating the expiry date. If 
such a refreshment or updating EMM for a specific en- 
titlement is not received before the expiry date, the 
smart card 12 will not allow access to the service in- 
volved. In practice subscribers often disconnect their 
terminal equipment or tune their terminal to a broadcast- 
ing signal on which there are no EMM's candied. In such 
circumstances the refreshment EMM will not be re- 
ceived in time before the expiry date. This may cause a 
large of number of telephone calls needed to be proc- 
essed at the subscriber management centre and this 
causes high operational costs. 
[0013] Even with the use of group addressing tech- 
niques a long period of time is required to update all en- 
titlements at ail subscribers. As an example in a practical 
broadcast application a conditional access system may 
comprise 10 million subscribers and 120 active entitle- 
ments. With a practical capacity for EMM's of 200 Kbit/ 
s, a potential wait time of 2.5 hours before a refreshment 
EMM for a predetemiined service arrives, is obtained. 
[0014] According to the present invention, expiry of 
an entitlement by not receiving a refreshment EMM be- 
fore the expiry date is prevented in the following manner. 
[0015] A set of extension entitlement management 
messages or extension EMM's is sent to the entire base 
of smart cards 12, either using group addressing or in- 
dividual addressing. Each extension EMM indicates to 
a smart card 12 that all entitlements with an expiry date 
within a predetermined first period, i.e. with an expiry 
date within a specified number of days, can remain ac- 
tive for a predetenmined second period. In this manner 
the entitlements of all smart cards are extended for the 
second period. During the thus obtained period in which 
the smart cards will allow access to the services for 
which entitlements are stored, the normal updating 
EMM'S can be sent to the subscribers updating the en- 
titlements of the smart cards in a normal manner for a 
next period. As the extension EMM's refer to all entitle- 
ments stored in the smart card, the extensions can be 
provided to all smart cards in a relatively short time. 
Thereafter sufTicient time is available to update all indi- 
vidual subscriptions within the entire base of subscrib- 
ers. 

[0016] In case group addressing is used, all entitle- 



ments of all subscribers are first extended in the de- 
scribed manner. Thereafter, individual refreshment 
EMM'S can be fonvarded, wherein these refreshment 
EMM's are first sent to those subscribers which have 

5 changed their subscription, for example by terminating 
or adding one or more subscriptions to specific services. 
[001 7] It is also possible to send the extension EMM's 
using individual addressing, wherein those addresses 
where subscriptions have been terminated do not re- 

10 ceive the extension EMM's. It is further possible to add 
individual EMM's to the set of extension EMM's, wherein 
the individual EMM's update the expiry date of the un- 
changed subscriptions only. 

[001 8] As an alternative, an EMM could store not only 

15 an entitlement expiry date but also an entitlement re- 
ceipt date in the smart card. In the above-described 
manner a set of extension EMM's is sent to the entire 
base of smart cards 12. In this case each extension 
EMM indicates a date from which the entitlements of a 

20 smart card have not changed. If the entitlement receipt 
date for any entitlement is after the date provided by the 
extension EMM, the smart card extends the expiry date 
of any entitlement by the predetennined second period. 
[001 9] In the embodiments described the conditional 

25 access module 11 and the secure device 12 are shown 
as physically separate devices. It will be understood that 
the conditional access module and/or the secure device 
can also be part of the terminal 10 or implemented in 
the terminal 10 by suitable programming. Therefore, the 

30 temrts conditional access module 11 and secure device 
12 as used in the specification and claims are not re- 
stricted to physically separate parts. 
[0020] The invention is not restricted to the above-de- 
scribed embodiments which can be varied in a number 

35 of way within the scope of the claims. 



Claims 

40 1. Method for operating a conditional access system 
for broadcast applications, said conditional access 
system comprising a number of subscribers, each 
subscriber having a tenninal including a conditional 
access module and a secure device for storing en- 

45 titlements, each entitlement indicating a service for 
which the subscriber receiving the entitlement is en- 
titled to watch, wherein entitlement management 
messages (EMM's) are sent to a secure device or 
group of secure devices, said EMM's each provid- 

50 ing an entitlement and a corresponding expiry date, 
wherein the entitlements are refreshed periodically 
in accordance with their expiry dates by sending 
EMM'S updating the expiry dates, characterized in 
that a set of extension entitlement management 

55 messages (extension EMM's) is sent to at least a 
part of all secure devices, each message indicating 
that all entitlements having an expiry date within a 
predetermined first period are extended with a pre- 
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determined Second period, wherein EMM'S updat- 
ing the expiry dates are sent after the extension 
EMM'S. 

2. Method for operating a conditional access system 5 
for broadcast applications, according to the pream- 
ble of claim 1 . characterized in that each EMM com- 
prises an entitlement expiry date and an entitlement 
receipt date, which dates are stored in the secure 
device, wherein a set of extension entitlement man- io 
agement messages (extension EMM's) is sent to all 
secure devices, each message indicating a given 
date from which all entitlements of the secure de- 
vice have not changed, wherein if the receipt date 

for any entitlement is after said given date, all enti- is 
tiements are extended with a predetermined sec- 
ond period, wherein EMM's updating the expiry 
dates are sent after the extension EMM's. 

3. Method according to claim 1 or 2, wherein the ex- 20 
tension EMM's are sent using group addressing. 

4. Method according to claim 1 or 2, wherein the ex- 
tension EMM'S are sent using individual address- 
ing. 25 

5. Method according to any one of the preceding 
claims, wherein the set of extension EMM's com- 
prise individual EMM's for predetermined secure 
devices for which the subscription has changed, 30 
said individual EMM's updating the expiry date of 
the unchanged subscriptions only. 
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